+++ /dev/null
-################################################################################
-# Copyright 2022 highstreet technologies GmbH
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-version: '3.8'
-services:
-
- identity:
- image: ${IDENTITY_IMAGE}
- container_name: identity
- ports:
- - ${IDENTITY_PORT_HTTPS}:${IDENTITY_PORT_HTTPS}
- environment:
- - KEYCLOAK_HTTPS_PORT=${IDENTITY_PORT_HTTPS}
- - KEYCLOAK_CREATE_ADMIN_USER=true
- - KEYCLOAK_ADMIN_USER=${ADMIN_USERNAME}
- - KEYCLOAK_ADMIN_PASSWORD=${ADMIN_PASSWORD}
- - KEYCLOAK_MANAGEMENT_USER=${IDENTITY_MGMT_USERNAME}
- - KEYCLOAK_MANAGEMENT_PASSWORD=${IDENTITY_MGMT_PASSWORD}
- - KEYCLOAK_DATABASE_HOST=identitydb
- - KEYCLOAK_DATABASE_NAME=keycloak
- - KEYCLOAK_DATABASE_USER=keycloak
- - KEYCLOAK_DATABASE_PASSWORD=keycloak
- - KEYCLOAK_JDBC_PARAMS=sslmode=disable&connectTimeout=30000
- - KEYCLOAK_PRODUCTION=false
- - KEYCLOAK_ENABLE_TLS=true
- - KEYCLOAK_TLS_KEYSTORE_FILE=/opt/bitnami/keycloak/certs/keystore.jks
- - KEYCLOAK_TLS_TRUSTSTORE_FILE=/opt/bitnami/keycloak/certs/truststore.jks
- - KEYCLOAK_TLS_KEYSTORE_PASSWORD=password
- - KEYCLOAK_TLS_TRUSTSTORE_PASSWORD=changeit
- volumes:
- - /etc/localtime:/etc/localtime:ro
- - ./identity/standalone.xml:/opt/jboss/keycloak/standalone/configuration/standalone.xml
- - ./identity/keystore.jks:/opt/bitnami/keycloak/certs/keystore.jks
- - ./identity/truststoreONAPall.jks:/opt/bitnami/keycloak/certs/truststore.jks
- depends_on:
- - identitydb
- networks:
- - dmz
-
- identitydb:
- image: docker.io/bitnami/postgresql:13
- container_name: identitydb
- environment:
- - ALLOW_EMPTY_PASSWORD=no
- - POSTGRESQL_USERNAME=keycloak
- - POSTGRESQL_DATABASE=keycloak
- - POSTGRESQL_PASSWORD=keycloak
- networks:
- - dmz
-
-
- persistence:
- image: ${PERSISTENCE_IMAGE}
- container_name: persistence
- environment:
- - discovery.type=single-node
-
- zookeeper:
- image: ${ZOOKEEPER_IMAGE}
- container_name: zookeeper
- ports:
- - 2181:2181
- environment:
- ZOOKEEPER_REPLICAS: 1
- ZOOKEEPER_TICK_TIME: 2000
- ZOOKEEPER_SYNC_LIMIT: 5
- ZOOKEEPER_INIT_LIMIT: 10
- ZOOKEEPER_MAX_CLIENT_CNXNS: 200
- ZOOKEEPER_AUTOPURGE_SNAP_RETAIN_COUNT: 3
- ZOOKEEPER_AUTOPURGE_PURGE_INTERVAL: 24
- ZOOKEEPER_CLIENT_PORT: 2181
- KAFKA_OPTS: -Djava.security.auth.login.config=/etc/zookeeper/secrets/jaas/zk_server_jaas.conf -Dzookeeper.kerberos.removeHostFromPrincipal=true -Dzookeeper.kerberos.removeRealmFromPrincipal=true -Dzookeeper.authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider -Dzookeeper.requireClientAuthScheme=sasl
- ZOOKEEPER_SERVER_ID:
- volumes:
- - ./zookeeper/zk_server_jaas.conf:/etc/zookeeper/secrets/jaas/zk_server_jaas.conf
-
- kafka:
- image: ${KAFKA_IMAGE}
- container_name: kafka
- ports:
- - 9092:9092
- environment:
- enableCadi: 'false'
- KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
- KAFKA_ZOOKEEPER_CONNECTION_TIMEOUT_MS: 40000
- KAFKA_ZOOKEEPER_SESSION_TIMEOUT_MS: 40000
- KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: INTERNAL_PLAINTEXT:PLAINTEXT,EXTERNAL_PLAINTEXT:PLAINTEXT
- KAFKA_ADVERTISED_LISTENERS: INTERNAL_PLAINTEXT://kafka:9092
- KAFKA_LISTENERS: INTERNAL_PLAINTEXT://0.0.0.0:9092
- KAFKA_INTER_BROKER_LISTENER_NAME: INTERNAL_PLAINTEXT
- KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE: 'false'
- KAFKA_OPTS: -Djava.security.auth.login.config=/etc/kafka/secrets/jaas/zk_client_jaas.conf
- KAFKA_ZOOKEEPER_SET_ACL: 'true'
- KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
- # Reduced the number of partitions only to avoid the timeout error for the first subscribe call in slow environment
- KAFKA_OFFSETS_TOPIC_NUM_PARTITIONS: 1
- volumes:
- - ./kafka/zk_client_jaas.conf:/etc/kafka/secrets/jaas/zk_client_jaas.conf
- depends_on:
- - zookeeper
-
- dmaap:
- container_name: onap-dmaap
- image: ${DMAAP_IMAGE}
- ports:
- - 3904:3904
- - 3905:3905
- environment:
- enableCadi: 'false'
- volumes:
- - ./dmaap/MsgRtrApi.properties:/appl/dmaapMR1/bundleconfig/etc/appprops/MsgRtrApi.properties
- - ./dmaap/logback.xml:/appl/dmaapMR1/bundleconfig/etc/logback.xml
- - ./dmaap/cadi.properties:/appl/dmaapMR1/etc/cadi.properties
- depends_on:
- - zookeeper
- - kafka
-
-networks:
- dmz:
- driver: bridge
- name: dmz
- enable_ipv6: false
- default:
- driver: bridge
- name: smo
- enable_ipv6: true
- ipam:
- driver: default
- config:
- - subnet: ${NETWORK_SUBNET_SMO}
- gateway: ${NETWORK_GATEWAY_SMO}